If you’re having this issue with building
https://gitlab.com/mattwb65/srt-live-server.git
Continue reading “Compiling gitlab.com/mattwb65/srt-live-server error solution”
How to package your SPA or PWA without a Dockerfile using Go and ko
Writing Dockerfiles is a pain in the ass.
All you want to do is publish your SPA or PWA dist files in a docker container and maybe even push it to a private registry.
Instead of having to write a Dockerfile, pull some base OS, increase the size of the container image, add potential attack surfaces / vulnerabilities coming from those base OS images, you can wrap and embed it in a Go binary.
Install ko
Create a ko-build.sh in the project root
|
1 2 3 |
#!/bin/bash ko login registry.domain.tld -u myuser -p mypassword KO_DOCKER_REPO=registry.domain.tld/user/my-frontend ko build --platform=all |
|
1 2 |
go mod init git.domain.tld/user/repo touch main.go |
and edit main.go and insert the following
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
package main import ( "embed" "io/fs" "log" "net/http" "strings" ) //go:embed dist var pwa embed.FS //go:embed dist/index.html var index embed.FS var indexFile []byte func init() { var e error indexFile, e = index.ReadFile("dist/index.html") if e != nil { log.Fatal(e.Error()) } } func main() { root, e := fs.Sub(pwa, "dist") if e != nil { log.Fatal(e.Error()) } log.Fatal(http.ListenAndServe(":8080", Handler(root))) } func Handler(root fs.FS) http.Handler { handler := http.FileServer(http.FS(root)) return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { _path := req.URL.Path // static files if strings.Contains(_path, ".") || _path == "/" { handler.ServeHTTP(w, req) return } w.Write(indexFile) }) } |
assuming your bundler, e.g. vite, places dist files in your project root’s dist dir (vite default),
|
1 2 3 4 5 6 |
dist ├── assets │  ├── index-D-1oofZ3.css │  └── index-DMGf-fk6.js ├── index.html └── vite.svg |
If your dist files are in dist/pwa and your index file is at dist/pwa/index.html edit the lines accordingly.
This is effectively what would be in nginx:
|
1 2 3 |
location / { try_files $uri $uri/ /index.html; } |
Your container exposes port 8080
Build and publish
|
1 |
bash ko-build.sh |
Since you only need to write this once, you can copy the main.go to every project that requires it and adjust the ko-build.sh script.
Yes, this survives CTRL+F5 reloads. It routes everything through index.html unless it’s a static file that exists on the filesystem.
k8s delete pv or pvc first?
Looking back
Looking back, I feel the current point in time is like the beginning of a new chapter.
I was very hurt and angry since my Ex cheated on me in 2010 and that created a lot of pain and unusual behavior which lead to mostly bad things happening in my life.
I’m not saying everything is different, but things have changed.
I feel like I’m slowly getting my inner balance back.
Secure OBS Websocket with nginx
The OBS websocket developer has a pretty weird point of view regarding listening on private network addresses vs the current state of it listening on a public IP or IPs.
What OBS websocket currently does is listening on 0.0.0.0 which is an alias for all available IP addresses.
But if you’re controlling OBS via Websocket from the outside, it’s no one’s business what you do there.
I will explain how to turn the ws:0.0.0.0:4455 into a wss:domain.tld:443 .
It’s very simple. You need to have nginx installed and somewhere “production ready” configured.
You probably have your config files in /etc/nginx/conf.d or similar.
Create a vhost there.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
server { listen 80; listen [::]:80; server_name domain.tld; include /etc/nginx/acme.conf; error_log /var/log/nginx/domain.tld.error.log; access_log /var/log/nginx/domain.tld.access.log; location / { return 301 https://domain.tld$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; http2 on; server_name domain.tld; ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; error_log /var/log/nginx/domain.tld.error.log; access_log /var/log/nginx/domain.tld.access.log; location / { proxy_pass http://127.0.0.1:4455; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_read_timeout 10; proxy_connect_timeout 10; proxy_redirect off; } } |
save it as /etc/nginx/conf.d/domain.tld.conf
Replace all instances of domain.tld with your domain and/or subdomain combination/name.
/etc/nginx/acme.conf
|
1 2 3 4 5 6 7 |
location /.well-known { alias /var/www/acme/.well-known; location ~ /.well-known/(.*) { default_type text/plain; } } |
|
1 2 |
mkdir -p /var/www/acme/.well-known chown nginx:nginx /var/www/acme/.well-known |
request a new certificate from letsencrypt
|
1 |
certbot certonly -d domain.tld -w /var/www/acme/ --webroot |
and restart nginx
|
1 |
systemctl restart nginx |
If you can’t generate a certificate, or nginx fails to start,
comment everything in the 2nd server block, aka add a # at the beginning of each line there, restart nginx, request a cert, uncomment again, restart nginx.
Connect to OBS websocket via wss://domain.tld:443
Ideally you would have a firewall on your obs server, but this is out of scope.# of this post.
Any questions, comments are below.